Thank you David. It is good that the community at least support some short term solution. Labeled NFS has been working hard to get the community acceptance. Thanks. -----Original Message----- From: David Quigley [mailto:dpquigl@xxxxxxxxxxxxxxx] Sent: Monday, April 01, 2013 10:55 AM To: Vu, Joseph Cc: Casey Schaufler; J. Bruce Fields; Steve Dickson; Trond Myklebust; J. Bruce Fields; David P. Quigley; Linux NFS list; Linux Security List; SELinux List Subject: RE: [PATCH 13/14] NFSD: Server implementation of MAC Labeling On 04/01/2013 08:54, Vu, Joseph wrote: > What is a good, and working alternative for NFS in term of SE label? There isn't any unless you want to start a labeled cifs project. We looked at CIFS and NFSv4 back when I started this project and from what we saw NFS had the more open community. There are other solutions but they are not ideal. I believe someone did SELinux labels on network attached storage by treating the NAS as an iSCSI device. This isn't ideal because it has concurrency issues. Someone proposed xattr for NFSv4/NFSv3 support and that was shot down as well (and for good reason). I don't share Casey's skepticism about the long term importance of NFS. I think with NFSv4 and all the work that has gone into it we'll see NFS being important in Linux and enterprises for a very long time to come. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
